Stochastic identification of malware with dynamic traces
From MaRDI portal
Publication: 2453653
Abstract: A novel approach to malware classification is introduced based on analysis of instruction traces that are collected dynamically from the program in question. The method has been implemented online in a sandbox environment (i.e., a security mechanism for separating running programs) at Los Alamos National Laboratory, and is intended for eventual host-based use, provided the issue of sampling the instructions executed by a given process without disruption to the user can be satisfactorily addressed. The procedure represents an instruction trace with a Markov chain structure in which the transition matrix, , has rows modeled as Dirichlet vectors. The malware class (malicious or benign) is modeled using a flexible spline logistic regression model with variable selection on the elements of , which are observed with error. The utility of the method is illustrated on a sample of traces from malware and nonmalware programs, and the results are compared to other leading detection schemes (both signature and classification based). This article also has supplementary materials available online.
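As an added illustration of the representation step the abstract describes (this is not code from the paper, whose implementation is not on this page), the following builds the instruction-trace Markov chain with Dirichlet-smoothed rows and flattens it into the feature vector the classifier would consume; the trace, the mnemonic vocabulary and the concentration parameter `alpha` are constructed here for the example.

```python
# Added example, not from the paper: turn a dynamically collected instruction
# trace into a Markov transition matrix whose rows are posterior means under a
# symmetric Dirichlet prior, then flatten the matrix into classifier features.
from typing import Dict, List, Sequence

# Constructed sample trace of instruction mnemonics (a real trace would be
# sampled from the running process in the sandbox).
SAMPLE_TRACE = ["mov", "push", "call", "mov", "cmp", "jne", "mov", "push", "call", "ret"]
# Constructed mnemonic vocabulary; the state space of the Markov chain.
VOCAB = ["mov", "push", "call", "cmp", "jne", "ret"]


def transition_counts(trace: Sequence[str], vocab: Sequence[str]) -> List[List[int]]:
    """Count consecutive-instruction transitions n[i][j] over the vocabulary.
    Transitions touching a mnemonic outside the vocabulary are skipped."""
    idx: Dict[str, int] = {m: i for i, m in enumerate(vocab)}
    n = len(vocab)
    counts = [[0] * n for _ in range(n)]
    for a, b in zip(trace, trace[1:]):
        if a in idx and b in idx:
            counts[idx[a]][idx[b]] += 1
    return counts


def dirichlet_transition_matrix(counts: List[List[int]], alpha: float = 0.5) -> List[List[float]]:
    """Posterior mean of each row under Dirichlet(alpha, ..., alpha):
    P[i][j] = (n[i][j] + alpha) / (sum_j n[i][j] + K * alpha).
    Unseen transitions keep non-zero probability, which matters when only a
    short sample of the executed instructions is available."""
    k = len(counts)
    matrix = []
    for row in counts:
        total = sum(row) + k * alpha
        matrix.append([(c + alpha) / total for c in row])
    return matrix


def feature_vector(trace: Sequence[str], vocab: Sequence[str], alpha: float = 0.5) -> List[float]:
    """Flatten the estimated transition matrix row by row; these K*K values are
    the noisy covariates the abstract's logistic regression selects among."""
    matrix = dirichlet_transition_matrix(transition_counts(trace, vocab), alpha)
    return [p for row in matrix for p in row]


if __name__ == "__main__":
    for mnemonic, row in zip(VOCAB, dirichlet_transition_matrix(transition_counts(SAMPLE_TRACE, VOCAB))):
        print(f"{mnemonic:>5}: " + " ".join(f"{p:.3f}" for p in row))
```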
Recommendations
- Malware family discovery using reversible jump MCMC sampling of regimes
- Learning to detect and classify malicious executables in the wild
- Mal-ID: automatic malware detection using common segment analysis and meta-features
- Probabilistic suffix models for API sequence analysis of windows XP applications
- A new malware classification approach based on malware dynamic analysis
Cites work
- scientific article; zbMATH DE number 845707
- scientific article; zbMATH DE number 845714
- Learning to detect and classify malicious executables in the wild
- Least angle regression. (With discussion)
- Logistic disease incidence models and case-control studies
- Multinomial Inverse Regression for Text Analysis
- Regularization and Variable Selection Via the Elastic Net
- Relaxed Lasso
- Simulation-based regularized logistic regression
- Stochastic identification of malware with dynamic traces
- The Adaptive Lasso and Its Oracle Properties
- The Estimation of Choice Probabilities from Choice Based Samples
Cited in (6)
- Bayesian Models Applied to Cyber Security Anomaly Detection Problems
- Malware family discovery using reversible jump MCMC sampling of regimes
- Stochastic identification of malware with dynamic traces
- Malware clustering based on graph convolutional networks
- Probabilistic suffix models for API sequence analysis of windows XP applications
- A malware variant clustering method based on fuzzy hash